November 13, 2019.
By the CyberWire staff
Monday's cyberattack against Britain's Labour Party was repeated yesterday. Again, it was an "unsophisticated" distributed denial-of-service incident, easily mitigated by Cloudflare, Computing reports. Nothing special, apparently: just the normal skid background noise. Reuters says the Conservative Party sustained its own DDoS attack yesterday. While sources suggest this attack came from a different actor, it also looks unsophisticated and minor: a Tory spokeswoman, when asked about it, said she was unaware of the attack.
Pemex continues to work toward recovery from the ransomware attack it sustained over the weekend. The Mexican oil giant's administrative systems are believed to have been hit with DoppelPaymer ransomware. Reuters, which has been in email contact with people who may or may not be the attackers, says the extortionists complained that Pemex missed its chance at a "discount," and that the ransom is now $5 million in Bitcoin. Computing connects the attack to the Russian criminal gang also running Dridex and BitPaymer (CrowdStrike has called that group Indrik Spider). Pemex says, Reuters reports, that operations are back to normal and that production was unaffected.
Google's Project Nightingale, which would collect and analyze patient information from the Ascension healthcare system, has come under investigation by the US Department of Health and Human Services' Office for Civil Rights, the Wall Street Journal reports. At least two matters are of concern: was patient approval obtained to share HIPAA-protected data, and are those data adequately secured?
Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, India, Mexico, Russia, United Kingdom, United States.
Bring your own context.
Is part of the point of attribution collective defense? Consider the international response to NotPetya.
"I don't want to take credit away from the White House for eventually acting and calling out Russia, imposing sanctions, in fact, coordinating this attribution that all five Five Eyes carried out together. Canada, Australia, the U.K. and New Zealand all together named NotPetya as a Russian act. It took a long time to do it. The real mistake in my eyes is that we waited until it hit us to make that call when everyone knew that this highly dangerous group of hackers was escalating its attacks on Ukraine and doing things that should not have been acceptable in the first place. We waited for it to bite us before we took action."
—Andy Greenberg, senior writer at WIRED and author of This Machine Kills Secrets, and, most recently, Sandworm, on the CyberWire Daily Podcast, 11.8.19.
And a reminder: Caveat is up. In this episode, "Slowly awakening to the problems we face," Ben looks at the cozy relationship between Ring and local law enforcement, and Dave shares a story about DNA tests and search warrants. Our listener on the line wonders about deleted emails. Our guest is Michael Chertoff, former US Secretary of Homeland Security, now head of the Chertoff Group.
Cyber Security Summits: November 21 in Houston and December 5 in Los Angeles (Houston, Texas, United States, November 21, 2019) Register for reduced admission to the Cyber Security Summit with promo code cyberwire19 for $95 admission ($350 without code). Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from The US Department of Homeland Security, The FBI, US Department of Justice, Verizon, Center for Internet Security and more. Breakfast, Lunch & Cocktail Reception are included with your admission. Your full day's attendance will earn you 6 CPEs / CEUs. Passes are limited, secure yours today: www.CyberSummitUSA.com
The persuasiveness of a remote job (Forcepoint) Advances in technology can be witnessed on different levels in our everyday life. Internet-connected devices help us in virtually every aspect of the daily routine, providing tools and information on just about any subject that one can think of. Increasingly it is no longer necessary to commute to an office to fulfil a job, as more companies embrace the advantages of home workers. But what if a seemingly perfect home-based job opportunity is not all that it seems?
Siemens SINAMICS (Update A) (CISA) 1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low skill level to exploit. Vulnerability: Uncontrolled Resource Consumption. 2. UPDATE INFORMATION: This updated advisory is a follow-up to the original advisory titled ICSA-19-227-04 Siemens SINAMICS that was published August 15, 2019, on the ICS webpage on us-cert.gov.
Vulnerability Summary for the Week of November 4, 2019 (CISA) The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Patch Tuesday, November 2019 Edition (KrebsOnSecurity) Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it.
Magento Urges Users to Apply Security Update for RCE Bug (BleepingComputer) Magento's security team urged users to install the latest released security update to protect their stores from exploitation attempts trying to abuse a recently reported remote code execution (RCE) vulnerability.
The Road Ahead: Cyber Security in 2020 and Beyond (FireEye) The end of the year is an important time. In our personal lives we have plenty of holidays to celebrate and we get to spend extra time with those who are most important to us. In our professional lives—and in the cyber security industry, in particular—we get a chance to pause and think about everything that happened throughout the year, what might happen in the coming year and what we could begin doing now to prepare ourselves for any obstacles we may face going forward.
Lantronix Announces Acquisition Funding (Lantronix) Term loan agreement provides $6 million of funding for acquisition. Company's current line of credit increased from $4 million to $6 million. No change to current EPS growth guidance.
NightDragon Security taps Kyauk as MD (PE Hub) NightDragon Security has named Morgan Kyauk as managing director. Also, the cybersecurity investment firm has added Jason Martin of FireEye, Dan Burns of Optiv, Matthew Gyde of NTT Security and Andrew Howard of Kudelski Security to its advisory council.
Trend Micro Launches Comprehensive Smart Factory Security Solutions (Trend Micro Newsroom) Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in cybersecurity solutions, today announced its complete smart factory security solutions, designed to provide enhanced visibility and protection for embattled industrial control system (ICS) environments.
The Power of a Threat-Aware Network (Juniper Networks) Juniper Connected Security is more than just a marketing catchphrase or a nice metaphorical basket where all of Juniper Networks' information security products can be placed. It is an information security strategy, one focused on the importance of deep network visibility, multiple points of enforcem...
IT&E to bring quantum cryptography to the Marianas (The Guam Daily Post) IT&E, through its partnership with SK Telecom, will soon be equipped with quantum key distribution technology to strengthen the security of its 5G and LTE data transmission and reception.
India suggests a global regulation for open, safe and secure cyberspace (The Economic Times) "Four years ago, we launched 'Digital India', the world's largest, digital technology driven transformation programme. The central notion is that Digital infrastructure should be available as a utility to all citizens...We are excited about the opportunities, but also concerned about the threats from the cyberspace," Foreign Minister S Jaishankar said.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Enfuse 2019 (Las Vegas, Nevada, USA, November 11 - 14, 2019) In a Zero Trust world, law enforcement, legal, and security professionals need to continuously augment and tune their skills. Join us at Enfuse 2019 to learn, teach, share and have fun while exploring...
Cybersecurity for Small Businesses (Hazelton, Pennsylvania, USA, November 13, 2019) During the conference, attendees will learn how cybersecurity affects entrepreneurship, why small businesses are easy victims of cyberattacks, the impact of small business cyberattacks, and common security...
SecureWorld Seattle (Seattle, Washington, USA, November 13 - 14, 2019) Connecting, informing, and developing leaders in cybersecurity. For the past 17 years, SecureWorld conferences have provided more content and facilitated more professional connections than any other event...
Time Machine 2019 (Austin, Texas, USA, November 13 - 14, 2019) At Time Machine, you will actively engage with real-world AI applications. Hear from leaders on the cutting edge of technology, government, industry, academia, and the arts, and uncover the roadmap for...
QuBit Cybersecurity Conference (Sofia, Bulgaria, November 14, 2019) QuBit is a Cybersecurity Community Event connecting the East and West, and it is already in its 6th year on the cybersecurity market in the CEE region. Based on the success in Prague, QuBit expanded further and...